我似乎无法让春季前/后方法安全说明起作用。我读过关于这个议题的每一个相关的堆积流问题,主要的建议是确保全球方法安全与您想要获得的豆类一样。 我的调度员-服务器.xml有以下信息:

  <context:component-scan base-package="com.package.path" />
  <context:annotation-config />
  <security:global-method-security pre-post-annotations="enabled" />

有关豆类在“com.package.path”中, 我知道春天正正确地创造出它们的例子, 因为注射效果很好,

下面是“com. package. path”中的一个服务类示例:

@Controller
@RequestMapping("/article")
public class ArticleServiceImpl extends GWTController implements ArticleService {
    @Autowired
    public ArticleServiceImpl(DataSource ds) {

    }

    @Override
    @PreAuthorize("hasRole( ROLE_BASIC_USER )")
    public Article save(Article article) {

    }

}

保存方法的说明无效。

• I m using GWT, though from what I ve read, that shouldn t matter much.
• I have method security working perfectly well in another, similar project. The only difference is that there is a DAO layer in the other project, which is not present in this one. It s in this layer that I have annotation security working. However, it shouldn t matter what "layer" this is, as long as Spring is responsible for creation of the beans, right?
• The interface "ArticleService" above is a GWT service interface. I ve tried putting the annotation there, but that doesn t work either.

以下是我GWT总经理的班级,如果需要的话,请参考上面提到的班级:

package com.areahomeschoolers.baconbits.server.spring;

import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.context.ServletConfigAware;
import org.springframework.web.context.ServletContextAware;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;

import com.areahomeschoolers.baconbits.server.util.ServerContext;

import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

/**
 * Spring controller class that handles all requests and passes them on to GWT. Also initializes server context.
 */
public class GWTController extends RemoteServiceServlet implements ServletConfigAware, ServletContextAware, Controller, RemoteService {

    private static final long serialVersionUID = 1L;

    protected ServletContext servletContext;

    @Override
    public ServletContext getServletContext() {
        return servletContext;
    }

    // Call GWT s RemoteService doPost() method and return null.
    @Override
    public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
        // load our ServerContext with current request, response, session, user, appContext, etc.
        ServerContext.loadContext(request, response, servletContext);
        try {
            doPost(request, response);
        } finally {
            ServerContext.unloadContext();
        }
        return null; // response handled by GWT RPC over XmlHttpRequest
    }

    @Override
    public void setServletConfig(ServletConfig conf) {
        try {
            super.init(conf);
        } catch (ServletException e) {
            e.printStackTrace();
        }
    }

    @Override
    public void setServletContext(ServletContext servletContext) {
        this.servletContext = servletContext;
    }

    @Override
    protected void checkPermutationStrongName() throws SecurityException {
        return;
    }

    @Override
    protected void doUnexpectedFailure(Throwable e) {
        e.printStackTrace();
        super.doUnexpectedFailure(e);
    }

}